Openssh question

thetwin · 03-14-2003, 01:09 AM

Greetings

I am running Redhat 7.2 and when I look at the Redhat errata site for updates to openssh, the most current for my distribution is openssh-3.1p1-6.i386.rpm.........However when I check rpmfind, I find openssh-3.5p1-1.i386.rpm from a place called Stuff on Rufus.W3.Org...My question is... it okay to install this rpm to update openssh or will that cause problems?

Cheers

fmotta · 03-14-2003, 03:53 AM

Genreally - there are dependencies which could complain upon install and upon upgrade - the packages commonly check dependencies (like openssl in this case) - if you force the install (see rpm man page) then you may not have problems - for now - later you may have to force other packages - I generally install from sources even on redhat - then I can upgrade as I feel I need.

thetwin · 03-14-2003, 01:25 PM

Thanks,

I guess I will look at installing from source. Being new it is easier to install/upgrade from RPM...

unSpawn · 03-14-2003, 02:00 PM

OpenSSH >= 3.3 contain remotely exploitable vulnerabilities.
Use 3.4 or 3.5 and be sure you also check your OpenSSL usage.

In general before asking upgrade questions check the maintainers/developers site for security reports, then the vendors site.
Then decide.

thetwin · 03-15-2003, 12:04 PM

I think I didn't ask the question properly. My concern was not the
upgrade itself, but the rpm coming from a place other than RedHat. I was unsure if this rpm would install properly or not. I had only used Redhat errata site previously to installing this rpm.

Thanks..upgrade went well.

Cheers